(54) Abstract Title

Authentication using biometrics identification

(57) An authentication method using biometrics identification comprises the steps of: identifying 12 a user by
biometrics entered 10 from a portable authentication terminal 1; when the user has been registered previously,
establishing communication between the authentication terminal 1 and an authentication executing device 2
and calculating a common secret key for use in transmission of an authentication message; encrypting 15 an
authentication message including information inherent to the user (e.g. password) in the authentication
terminal 1 based on the secret key; sending the encrypted authentication message to the authentication
executing device 2; and decrypting the authentication message there based on the calculated secret key,
thereby executing an operation depending on the user-inherent information included in the message.

[Drawing sheets: FIG. 1 (block diagram of the portable terminal and the authentication executing device), FIG. 2 and FIG. 3 (flow charts), FIG. 4 (block diagram including a communication message transferring unit), FIGS. 5 and 6 (storing medium, communication unit, data processor), FIG. 7 (PRIOR ART).]
AUTHENTICATION EXECUTING DEVICE, PORTABLE AUTHENTICATION
DEVICE, AND AUTHENTICATION METHOD USING BIOMETRICS
IDENTIFICATION

BACKGROUNDS OF THE INVENTION

The present invention relates to an 
authentication executing device, a portable device for 
authentication, and an authentication method for 
certifying a user's identity through the check of 
biometrics, that is, his or her physical features such 
as fingerprints that can be measured, thereby to allow 
the operation executable only by the user himself or 
herself. 

DESCRIPTION OF THE RELATED ART

The operations executable only by a user himself 
or herself in an information processing system, for 
example, in a personal computer (hereinafter, referred 
to as a PC) include a log-in operation of the identified 
user, electronic commerce of dealing with a person in 
confirmation of the person's identity, and further file 
encryption and decryption. 

In the conventional technique, a user's input of
a password certifies that a person trying to do the
above operation is the authorized user. In this case, a
person asking for permission has trouble registering
his or her predetermined password in advance, and if the
password should be stolen, another user will make
fraudulent use of the PC, acting like the authorized
user.

In order to solve the problem, a method of using
biometrics such as fingerprints, instead of a password,
has been proposed. Below the description will be made
with reference to Fig. 7, by way of example, in the case
of using fingerprints as the biometrics.

In the conventional technique, a fingerprint
sensor 10 is connected to a PC; feature information for
matching the user's extracted fingerprint data is
stored in a user-inherent information storing unit 13
within the PC; when some fingerprint is provided by a
user's input, a fingerprint feature extracting unit 11
extracts the feature information from the fingerprint; a
fingerprint checking unit 12 judges whether the feature
of the fingerprint is in accord with the stored data;
only when they are of one accord, the user is certified
as the authorized user and a user-inherent operation
executing unit 17 performs the user identification
operation.

In this form, since the input image and feature
information of the fingerprint is processed within a
system performing authentication, there is a risk that
the feature information may be stolen by tampering with
the program when the system is not under the control of a
user. In order to solve the problem, there has been a
method of holding the fingerprint feature information
stored in the user inherent information storing unit 13
in Fig. 7, on a portable terminal carried by a user,
under the control of the user, more specifically, on an
information terminal such as an electronic notepad, or
on a medium, for example, an IC card, and transferring
the content thereof to a PC to check the data. Even in
this way, however, when a fingerprint sensor is
connected to a PC in poor management, there is a
possibility of tampering with a program for controlling
fingerprint input, so as to act like an authorized user,
as if the authorized user had entered the fingerprint
through the finger sensor, by using the fingerprint
image of the other person being copied and stored, or
a fraudulent fingerprint image.

On the other hand, the above portable terminal
that can be carried by a user has the advantage that the
user's identity can be checked at any place. However, it
is troublesome to insert the terminal into a PC, or
connect the terminal to a PC by a cable in order to do an
authentication operation. There is a method of using
infrared rays, radio waves, sound waves, or the like in
a non-contact way, so to exchange data therebetween.
These signals, however, are easily intercepted, and
there is the possibility that the other person,
receiving the data signal, makes use of it again so as
to act like the authorized user.

An object of the preferred embodiments of the
present invention is to provide an authentication method
and system with high security, free from the trouble of
remembering a password and the risk of the other person
using a PC by acting like the authorized user, capable of
connecting a terminal with the PC by infrared rays, radio
waves, or sound waves, taking portability into
consideration, with no possibility of stealing the
fingerprint data and making fraudulent use of a message.

According to the first aspect of the invention,
an authentication method using biometrics identification
comprises the following steps:

identifying a user by biometrics entered from a
portable authentication terminal,

when the user has been registered previously,
establishing communication between the authentication
terminal and an authentication executing device
independent of the authentication terminal, and
calculating a common secret key for use in transmission
of an authentication message,

encrypting the authentication message including
the user's inherent information based on the secret key
in the authentication terminal,

sending the encrypted authentication message from
the authentication terminal to the authentication
executing device, and

decrypting the authentication message based on
the calculated secret key in the authentication
executing device, thereby executing an operation
depending on the user inherent information included in
the message.

In the preferred construction, the communication
message is transmitted in one of non-contact types of
communications, for example, via infrared rays, radio
waves, and sound waves.

In another preferred construction, the user-
inherent information included in the authentication
message includes such secret information as cannot be
read out without identification of an authorized user
from the biometrics in the authentication terminal.

In another preferred construction, an operation
to be executed by the authentication executing device
depending on the user-inherent information is a non-
executable operation without identification of an
authorized user from the biometrics in the
authentication terminal, and therefore a function of
authenticating that a person having registered the
biometrics previously carries and uses the
authentication terminal, is provided.

In another preferred construction, the user
inherent information included in the authentication
message includes individual information that cannot be
read out without identification of an authorized user
from the biometrics in the authentication terminal, and
using the individual information, the authentication
executing device executes the operation depending on the
information of a user employing the authentication
function.

In another preferred construction, the operation
performed by the authentication executing device
depending on the user-inherent information includes file
encryption and decryption, and a secret key for use in
this encryption and decryption is to be stored in such a
way that the secret key cannot be read out without
identification of an authorized user from the biometrics
in the authentication terminal.

According to the second aspect of the invention,
a portable terminal for authentication using biometrics
identification comprises

biometrics image input means for receiving a
user's biometrics image,

biometrics feature-extracting means for
extracting a biometrics feature for matching from the
input biometrics image,

user-inherent information storing means for
storing the biometrics feature and inherent information
of the user in pairs,

secret-key-agreeing means for deciding a key for
use in encryption of an authentication message between
the authentication executing device and the portable
terminal,

biometrics image-checking means for comparing the
biometrics image extracted from the user's input
biometrics image with the biometrics feature stored in
the user-inherent information storing means, judging
whether the user having entered the biometrics image
this time is a registered user or not, and when this
user is a registered user, supplying the inherent
information stored in pairs with the biometrics image in
the user-inherent information storing means,

authentication-message encrypting means for
encrypting the user's inherent information by the
decided secret key, and

communication-message sending means for sending a
communication message to the authentication executing
device.

In the preferred construction, the user-inherent
information storing means stores the biometrics features
and inherent information for a plurality of users, and
the biometrics image-checking means estimates a score
indicating similarity of the biometrics images, and
judges that the user having entered the biometrics image
this time is a registered user when the score is higher
than a threshold.

In another preferred construction, the user-
inherent information storing means stores the biometrics
features and inherent information for a plurality of
users, and the secret-key-agreeing means creates any
random number, sends the random number to the
authentication executing device, and calculates the key
by use of a secret formula based on the same random
number.

In another preferred construction, the biometrics
image checking means estimates a score indicating
similarity of the biometrics images, and judges that the
user having entered the biometrics image this time is a
registered user when the score is higher than a
threshold, and the secret-key-agreeing means creates any
random number, sends the random number to the
authentication executing device, and calculates the key
by use of a secret formula based on the same random
number.

In another preferred construction, the user-
inherent information storing means stores the biometrics
features and inherent information for a plurality of
users, and the secret-key-agreeing means performs mutual
authentication together with the authentication
executing device according to a predetermined protocol
and countersign prior to deciding the key.

In another preferred construction, the biometrics-
image checking means estimates a score indicating
similarity of the biometrics images, and judges that the
user having entered the biometrics image this time is a
registered user when the score is higher than a
threshold, and the secret-key-agreeing means performs
mutual authentication together with the authentication
executing device according to a predetermined protocol
and countersign prior to deciding the key.

In another preferred construction, the user-
inherent information storing means stores the biometrics
features and inherent information for a plurality of
users, and the secret-key-agreeing means creates any
random number, sends the created random number to the
authentication executing device, receives the created
random number from the authentication executing device,
and creates the key by use of both random numbers.

In another preferred construction, the biometrics-
image checking means estimates a score indicating
similarity of the biometrics images, and judges that the
user having entered the biometrics image this time is a
registered user when the score is higher than a
threshold, and the secret-key-agreeing means creates any
random number, sends the created random number to the
authentication executing device, receives the created
random number from the authentication executing device,
and creates the key by use of both random numbers.

In another preferred construction, the portable
terminal communicates with the authentication executing
device by one of non-contact types of communications, for
example, via infrared rays, radio waves, and sound waves.

In another preferred construction, the portable
terminal communicates with the authentication executing
device through another terminal.

According to the third aspect of the invention, 
an authentication system for performing authentication 
using biometrics identification, comprises 

a portable terminal and an authentication 
executing device, 

wherein the portable terminal includes:

biometrics image input means for receiving a
user's biometrics image,

biometrics feature extracting means for
extracting a biometrics feature for matching from the
input biometrics image,

user-inherent information storing means for
storing the biometrics feature and inherent information
of the user in pairs,

secret-key-agreeing means for deciding a key for
use in encryption of an authentication message between
the authentication executing device and the portable
terminal,

biometrics image-checking means for comparing the
biometrics image extracted from the user's input
biometrics image with the biometrics feature stored in
the user inherent information storing means, judging
whether the user having entered the biometrics image
this time is a registered user or not, and when this
user is a registered user, supplying the inherent
information stored in pairs with the biometrics image in
the user inherent information storing means,

authentication message encrypting means for
encrypting the user's inherent information by use of the
decided secret key, and

communication message sending means for sending a
communication message to the authentication executing
device,

wherein the authentication executing device includes:

secret-key-agreeing means for deciding a key for
use in encryption of an authentication message between
the portable terminal and the authentication executing
device,

communication message receiving means for
receiving a communication message sent from the portable
terminal,

authentication message decrypting means for
decrypting the communication message by use of the
decided secret key, and

user inherent operation executing means for
executing the user-inherent operation based on the
inherent information decrypted from the communication
message.

In the preferred construction, the user-inherent
information storing means of the portable terminal
stores the biometrics features and inherent information
for a plurality of users, and the biometrics image-
checking means estimates a score indicating similarity of
the biometrics images, and judges that the user having
entered the biometrics image this time is a registered
user when the score is higher than a threshold.

In another preferred construction, the user-
inherent information storing means of the portable
terminal stores the biometrics features and inherent
information for a plurality of users, and the secret-key-
agreeing means creates any random number, sends the
random number to the authentication executing device,
and calculates the key by use of a secret formula based
on the same random number.

In another preferred construction, the biometrics
image-checking means of the portable terminal estimates
a score indicating similarity of the biometrics images,
and judges that the user having entered the biometrics
image this time is a registered user when the score is
higher than a threshold, and the secret-key-agreeing
means creates any random number, sends the random number
to the authentication executing device, and calculates
the key by use of a secret formula based on the same
random number.

In another preferred construction, the secret-key-
agreeing means of the authentication executing device
calculates the key by use of the same secret formula as
that of the portable terminal based on the random number
sent from the portable terminal.

In another preferred construction, the secret-key-
agreeing means of the authentication executing device
receives the random number from the portable terminal,
creates any random number, and creates the key by use of
both random numbers.
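
The flow set out in the aspects above (threshold match on the terminal, key agreement from random numbers, encrypted transfer of the user-inherent information), as an added Python example that is not taken from the patent. The HMAC-SHA256 stand-in for the "secret formula", the Jaccard score, the 0.8 threshold and every name and sample value are assumptions; the run compares the terminal-only random number variant with the variant using both random numbers when a recorded message is presented again.

```python
import hashlib
import hmac
import secrets

# Assumptions (not from the patent): the unnamed "secret formula" is modelled as
# HMAC-SHA256 under a secret provisioned in both devices; the matcher is a toy
# Jaccard score; the threshold and all sample data below are constructed.
PRESHARED = b"constructed-demo-secret"
THRESHOLD = 0.8
ALICE, BOB = frozenset(range(1, 11)), frozenset(range(30, 40))
ALICE_PROBE, STRANGER_PROBE = frozenset(range(1, 10)), frozenset(range(50, 60))
ALICE_SECRET, BOB_SECRET = b"alice-login-password", b"bob-login-password"


def similarity(stored, probe):
    """Score in [0, 1]; stands in for the minutia-network matching score."""
    return len(stored & probe) / len(stored | probe)


def derive_key(r_terminal, r_device=b""):
    """Session key from the terminal's random number, optionally mixed with the device's."""
    msg = len(r_terminal).to_bytes(2, "big") + r_terminal + r_device
    return hmac.new(PRESHARED, msg, hashlib.sha256).digest()


def _keystream(key, n):
    blocks = (hmac.new(key, b"enc" + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key, plaintext):
    """Encrypt-then-MAC from the standard library; each session key seals one message."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, b"mac" + ct, hashlib.sha256).digest()


def open_sealed(key, blob):
    """Return the plaintext, or None when the message is short or the tag fails."""
    if len(blob) < 32:
        return None
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


class Terminal:
    def __init__(self, enrolled):
        self.enrolled = enrolled  # (fingerprint feature, user-inherent information) pairs

    def authenticate(self, probe, r_device=b""):
        """Match on the terminal; only on success create a random number and seal the secret."""
        feature, secret = max(self.enrolled, key=lambda pair: similarity(pair[0], probe))
        if similarity(feature, probe) <= THRESHOLD:
            return None  # error processing: nothing leaves the terminal
        r_terminal = secrets.token_bytes(16)
        return r_terminal, seal(derive_key(r_terminal, r_device), secret)


class Device:
    def __init__(self, two_nonce):
        self.two_nonce, self.r_device = two_nonce, b""

    def new_session(self):
        """Start a session; in the two-random-number variant, issue a fresh device number."""
        self.r_device = secrets.token_bytes(16) if self.two_nonce else b""
        return self.r_device

    def receive(self, r_terminal, blob):
        return open_sealed(derive_key(r_terminal, self.r_device), blob)


def run_demo():
    terminal = Terminal([(ALICE, ALICE_SECRET), (BOB, BOB_SECRET)])
    results = {"stranger": terminal.authenticate(STRANGER_PROBE)}
    for name, two_nonce in (("terminal_only", False), ("both_numbers", True)):
        device = Device(two_nonce)
        recorded = terminal.authenticate(ALICE_PROBE, device.new_session())
        results[name + "_first"] = device.receive(*recorded)
        device.new_session()  # a later session; the recorded message is presented again
        results[name + "_replayed"] = device.receive(*recorded)
    return results


if __name__ == "__main__":
    for check, value in run_demo().items():
        print(check, value)
```

With the terminal-only variant the recorded pair still decrypts in a later session, so a device built that way has to remember which random numbers it has already accepted. Mixing in the device's own fresh random number changes the key, and the old message fails the tag check.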

According to another aspect of the invention, a
computer-readable memory stores an authentication
program for making a computer perform authentication
using biometrics identification,

the authentication program comprising

a biometrics-image input step for receiving a
user's biometrics image,

a biometrics feature extracting step for
extracting a biometrics feature for matching from the
input biometrics image,

a secret-key-agreeing step for deciding a key for
use in encryption of an authentication message between
the authentication executing device and the portable
terminal,

a biometrics-image checking step for comparing
the biometrics image extracted from the user's input
biometrics image with the biometrics feature stored in
the user-inherent information storing means for storing
a pair of the biometrics features and inherent
information of the user, judging whether the user having
entered the biometrics image this time is a registered
user or not, and when this user is a registered user,
supplying inherent information stored in pairs with
the biometrics image in the user-inherent information
storing means,

an authentication message encrypting step for
encrypting the user's inherent information by use of the
decided secret key, and

a communication message sending step for sending a
communication message to the authentication executing
device.

In the preferred construction, the biometrics-
image checking step of the authentication program
estimates a score indicating similarity of the biometrics
images, and judges that the user having entered the
biometrics image this time is a registered user when the
score is higher than a threshold, and the secret-key-
agreeing step of the authentication program creates any
random number, sends the random number to the
authentication executing device, and calculates the key
by use of a secret formula based on the same random
number.

In another preferred construction, the computer-
readable memory stores an authentication executing program of
the authentication executing device, the authentication
executing program making a computer perform:

a secret-key-agreeing step for deciding a key for
use in encryption of an authentication message between
the authentication program and the authentication
executing program;

a communication-message receiving step for
receiving a communication message sent from the
authentication program;

an authentication-message decrypting step for
decrypting the communication message by use of the
decided secret key; and

a user-inherent operation executing step for
executing the user inherent operation based on the
inherent information decrypted from the communication
message.

In another preferred construction, the secret-key-
agreeing step of the authentication executing program
calculates the key by use of the same secret formula as
that of the portable terminal based on the random number
sent from the portable terminal.

In another preferred construction, the secret-key-
agreeing step of the authentication executing program
receives the random number from the authentication
program, creates any random number, and creates the key
by use of both random numbers.

Other objects, features and advantages of the
present invention will become clear from the detailed
description given herebelow.

BRIEF DESCRIPTION OF THE DRAWINGS

Preferred features of the present invention will
now be described, by way of example only, with reference
to the accompanying drawings, in which:

Fig. 1 is a block diagram showing the structure
of an authentication system according to an embodiment
of the present invention;

Fig. 2 is a flow chart for use in describing the
operation of a portable terminal according to a first
embodiment of the present invention;

Fig. 3 is a flow chart for use in describing the
operation of the authentication executing device
according to the first embodiment of the present
invention;

Fig. 4 is a block diagram showing the structure
of an authentication system according to the other
embodiment of the present invention;

Fig. 5 is a block diagram showing the structure
in the case of realizing the portable terminal by using
software;

Fig. 6 is a block diagram showing the structure
in the case of realizing the authentication executing
device by using software;

Fig. 7 is a block diagram showing the structure
of a conventional authentication system.



DESCRIPTION OF THE PREFERRED EMBODIMENT

The preferred embodiment of the present invention
will be discussed hereinafter in detail with reference
to the accompanying drawings. In the following
description, numerous specific details are set forth in
order to provide a thorough understanding of the present
invention. It will be obvious, however, to those skilled
in the art that the present invention may be practiced
without these specific details. In other instances, well-
known structures are not shown in detail in order not to
unnecessarily obscure the present invention.

The present invention is to identify a user by
the biometrics being entered and perform the stored user
inherent operation only when the entered biometrics is
in accord with the registered one. Especially,
biometrics input and its feature extraction, and
checking processing is performed by a terminal that a
user carries, and communication between the terminal and
an authentication executing device for executing the
user's inherent operation is encrypted by a secret key
particular to the communication about which the portable
terminal and the authentication executing device are
agreed, thereby to assure the security in the whole
system.

With reference to Fig. 1, an authentication
system according to a first embodiment of the present
invention comprises a portable terminal 1 and an
authentication executing device 2.

The portable terminal 1 comprises a fingerprint
sensor 10, a fingerprint feature extracting unit 11, a
fingerprint checking unit 12, a user inherent
information storing unit 13, a secret key agreeing unit
14, an authentication message encrypting unit 15, and a
communication message sending unit 16.

The authentication executing device 2 comprises a
communication message receiving unit 21, a secret key
agreeing unit 22, an authentication message decrypting
unit 23, and a user inherent operation executing unit 24.

Each component of the portable terminal 1 and the
authentication executing device 2 will be hereinafter
described in accordance with its operation. Fig. 2 is a
flow chart showing the operation of the portable
terminal 1 and Fig. 3 is a flow chart showing the
operation of the authentication executing device 2.

The fingerprint sensor 10 of the portable
terminal 1 picks up the fingerprint's image when a
finger of a user comes into contact with it, and
converts the image data into digital image data suitable
to be processed in the fingerprint feature extracting
unit 11 (Step 201).

As the structure of the fingerprint sensor 10,
such an optical method can be used, that the LED-emitted
light is reflected by the prism and the reflected light
is converted into digital image by a CCD by making use
of difference in the reflection rate between ridges and
furrows according to the finger put outside of the
reflected surface, thereby to pick up the fingerprint's
image. Or, a use of such a fingerprint sensor of the
capacitance detecting method, as disclosed in "A Robust,
1.8V, 250uW, Direct Contact 500dpi Fingerprint Sensor"
(Inglis et al.), IEEE ISSCC98, SA 17.7, pp. 284-285
(1998.2), could realize a thin and small sized fingerprint
sensor more suitable for portability. In this
capacitance detecting method, by measuring the
difference in the capacitance between the ridge portion
and the furrow portion having a layer of the air on the
surface of a finger coming into contact with the sensor,
the figure of the fingerprint is converted into digital
image, thereby to pick up the fingerprint's image.

The fingerprint feature extracting unit 11 
receives the fingerprint's image obtained by the 
fingerprint sensor 10 and executes the processing of 
extracting the feature for use in fingerprint 
identification from the same image (Step 202). 

The feature extracting method includes, for
example, a method described in the following article:
"Automated Fingerprint Identification by Minutia-Network
Feature --Feature Extraction Processes--" written by
Hiroshi Asai, Yukio Hoshino, Kazuo Kichi, The Institute
of Electronics, Information and Communication Engineers
Transactions, vol. J72-D-II, No. 5, pp. 724-732 (1989.5).
Here, the pattern of ridges is extracted from a gray-
scale image of ridges by the binarization processing and
thinning processing, the number of the intersectional
ridges on the line interconnecting the end point and the
bifurcation is counted after detecting the positional
relation between the both points, and the relational
view is represented in digital data, which is used as
the fingerprint feature to be matched.

The user inherent information storing unit 13 
stores the fingerprint feature information of the above 
format and the corresponding user inherent information 
(secret information) particular to a user owning the 
above fingerprint in pairs. 

Here, the user inherent information means the
data including useful information of various formats on
user's identity, such as unique identifier for
identifying a user, and the data which only the user is
permitted to access, for example, a password for use
in log-in to a computer, the secret alphabet and numeral
string (secret number or password) for identifying a
person in the electronic commerce, and the like.

When storing a new pair of the user inherent
information and the fingerprint feature information, the
user inherent information to be stored is entered from a
pen-typed input unit of a portable terminal, the
fingerprint of the corresponding user is entered from
the fingerprint sensor 10, and the fingerprint feature
obtained by fingerprint feature extracting unit 11
based on the above information is stored in the user
inherent information storing unit 13 together with the
corresponding user inherent information. The user
inherent information storing unit 13 may be designed to
store only the fingerprint of one user on the
authentication system and his or her secret information,
or it may be designed to store the fingerprints of a
plurality of users and their secret information in pairs.

The fingerprint checking unit 12 receives the
fingerprint feature S obtained from the fingerprint a
user entered this time, from the feature extracting unit
11, while the unit 12 reads out and receives a pair of
the fingerprint feature information F having been stored
so far and the corresponding secret information stored
in the user inherent information storing unit 13, from
the user inherent information storing unit 13 (Step 203).

The fingerprint checking unit 12 compares the
fingerprint feature information F with the fingerprint
feature S obtained from the fingerprint entered by the
user, and estimates the score of the similarity, the
score increasing when the both information is proved to
be on the identical finger (Step 204).



By comparing the score with a predetermined
threshold, the fingerprint checking unit 12 judges
whether the user giving the fingerprint information S is
identical to the registered user or not (Step 205).
When the score is higher than the threshold, the result
is "fingerprints are in accord" and the unit 12 supplies
the secret information corresponding to the fingerprint
to the authentication message encrypting unit 15 (Step
206).

As the method of identifying a person by checking
the fingerprints, there is a method disclosed, for
example, in the following article: "Automated
Fingerprint Identification by Minutia-Network Feature -
Matching Processes -" written by Hiroshi Asai, Yukio
Hoshino, Kazuo Kichi, The Institute of Electronics,
Information and Communication Engineers Transactions,
Vol. J72-D-II, No. 5, pp. 733-740 (1989.5). Here, the
number of the intersectional ridges on the line
interconnecting the end point and the bifurcation of a
ridge is counted, digital data represented points are
aligned, and thereafter the similarity therebetween is
estimated, thereby checking the fingerprints.

The fingerprint feature used in the embodiment
assures stable and correct check results even if
there is deviation or distortion between the
fingerprints. In the case of the same finger, the above
score is extremely high, while in the case of a
different finger, the score approaches zero. Further,
the data size is much smaller than the size of the input
fingerprint's image, thereby advantageously decreasing
the arithmetic processing for checking.

As the result of checking the fingerprints, when
the input fingerprint is in accord with the fingerprint
feature stored in the user inherent information storing
unit 13, the secret information on the user stored in
the user inherent information storing unit 13 is
supplied to the authentication executing device 2.

This operation will be performed as follows. At
first, the secret key agreeing unit 14 creates a
random number R that may be the base of the secret key
for this communication, and supplies this to the secret
key agreeing unit 22 on the side of the authentication
executing device 2. For this transmission, infrared
communication through the infrared communication ports
provided on both sides is adopted.

The secret key agreeing unit 14 calculates the
secret key K for message encryption using the secret
calculation formula, based on the supplied random number
R (Step 207). As this calculation method, for example,
the hash function can be used.

On the other side, the secret key agreeing unit
22 on the side of the authentication executing device 2
also calculates the secret key K for message encryption
using the same secret calculation formula, based on the
supplied random number R. Namely, this calculation
formula is inherent to both the portable terminal
1 and the authentication executing device 2 of this
authentication system and secret. Therefore, even if the
random number R is stolen, it is impossible to calculate
the secret key K in the other system.

The authentication message encrypting unit 15
encrypts the secret information of the user whose
fingerprint was found to match, received from the
user inherent information storing unit 13, by use of the
secret key K calculated by the secret key agreeing unit
14, and creates a communication message (Step 208). For
example, the secret common key encryption method such as
DES is used for this encryption.

The communication message sending unit 16
supplies the encrypted message received from the
authentication message encrypting unit 15 to the
authentication executing device 2 (Step 209). For this
transmission, infrared communication through the
infrared communication ports provided on both sides
is adopted, for example.

On the side of the authentication executing
device 2, the communication message from the portable
terminal 1 is received by the communication message
receiving unit 21 (Step 301), which sends the same
message to the authentication message decrypting unit 23.
The authentication message decrypting unit 23 receives
the secret key K having been calculated in secret from
the secret key agreeing unit 22, and decrypts the
encryption by using the same key as the secret common
key (Step 302).

Thus, the secret information stored in the
portable terminal 1, which can be referred to only by
the input of the correct fingerprint of the
authenticated user is sent to the authentication
executing device 2 without being stolen. The
authentication executing device 2 executes the operation
using the secret information in the user inherent
operation executing unit 24 (Step 303).

For example, log-in to a computer may be
permitted to the authorized user, or the content of the
secret file of the user himself or herself may be read
out and displayed on a display of the authentication
executing device 2. Or, the authentication executing
device 2 may assure the other information processing
system that a user carrying the portable terminal 1 so
as to enter the fingerprint is the authorized user.

Further, the alphabet and numeral string for
certifying the identity in the electronic commerce may
be sent to the electronic commerce trading company
connected over a network via the authentication
executing device 2.

In the above operations, the secret information
stored in the portable terminal 1, which cannot be read
out without correct biometrics input, can be sent to the
authentication executing device 2 safely, and the
authentication executing device 2 can authenticate a
user, only when a user entering the fingerprint through
the portable terminal 1 is the user having been
registered previously.

Further, since the secret key particular to the
communication of secret information is used in the
secret key agreeing unit 22 by mutual agreement between
the portable terminal 1 on the sending party and the
authentication executing device 2 on the receiving party,
it is impossible for the other person to decrypt the
content of the secret information and send the secret
information acting like an authorised person, even if
intercepting the past communication using the infrared
rays to record and reproduce.

In the above description, although a most easy
method, such that the secret key agreeing unit 14
creates the random number and sends it to the secret key
agreeing unit 22 one-sidedly, has been described, there
is a method of mutual authentication between the
portable terminal 1 and the authentication executing
device 2 while checking the communication party mutually
with a predetermined protocol and countersign, in order
to enhance the security.

Further, as for the random number, it is created
not only by the portable terminal 1 one-sidedly, but the
random number R1 may be created by the portable terminal
1 and the random number R2 may be created by the
authentication executing device 2, which may be mutually
exchanged, and which may be adjusted in such a way that
the secret common key couldn't be created without
both random numbers in a combined way or added way. This
method will provide the more security.
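
The two-random-number agreement described above, as an added example that is not code from the patent: the terminal contributes R1, the device contributes R2, and a message recorded in one session fails verification in the next because the device's R2 has changed. Assumptions: HMAC-SHA256 under a constructed DEVICE_SECRET stands in for the secret calculation formula, an HMAC keystream with a tag stands in for DES (Python's standard library has no block cipher), and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: the shared "secret calculation formula" is modelled as
# HMAC-SHA256 under a value provisioned into both devices (constructed).
DEVICE_SECRET = b"constructed-device-secret"


def derive_key(r1: bytes, r2: bytes) -> bytes:
    """Session key K from R1 (terminal) and R2 (device)."""
    # Length prefixes keep different (R1, R2) pairs from colliding.
    data = len(r1).to_bytes(2, "big") + r1 + len(r2).to_bytes(2, "big") + r2
    return hmac.new(DEVICE_SECRET, data, hashlib.sha256).digest()


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for the DES step named on the page."""
    nonce = secrets.token_bytes(12)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, message: bytes):
    """Return the plaintext, or None when the tag does not verify."""
    if len(message) < 12 + 32:
        return None
    nonce, body, tag = message[:12], message[12:-32], message[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class Terminal:
    """Portable terminal 1: releases the secret only after a match."""
    def __init__(self, secret_info: bytes):
        self._secret_info = secret_info
        self._r1 = None

    def hello(self) -> bytes:
        self._r1 = secrets.token_bytes(16)
        return self._r1

    def send_secret(self, r2: bytes, fingerprint_matched: bool):
        if not fingerprint_matched or self._r1 is None:
            return None
        key = derive_key(self._r1, r2)
        self._r1 = None
        return seal(key, self._secret_info)


class Device:
    """Authentication executing device 2."""
    def __init__(self):
        self._pending = None

    def challenge(self, r1: bytes) -> bytes:
        r2 = secrets.token_bytes(16)
        self._pending = (r1, r2)
        return r2

    def receive(self, message: bytes):
        if self._pending is None:
            return None
        key = derive_key(*self._pending)
        self._pending = None  # each (R1, R2) pair is used once
        return unseal(key, message)


def run_demo():
    terminal, device = Terminal(b"alice:constructed-password"), Device()
    r1 = terminal.hello()
    r2 = device.challenge(r1)
    message = terminal.send_secret(r2, fingerprint_matched=True)
    first = device.receive(message)
    # The recorded R1 and message presented again meet a fresh R2.
    device.challenge(r1)
    replayed = device.receive(message)
    return first, replayed
```
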

A concrete example of embodiment will be
described this time. The concrete example is taken in
the case of log-in authentication to a personal computer
(PC). Assume that each user carries his or her own
personal terminal 1, where the data of the fingerprint
feature of his or her own finger and user name and
password for use in log-in as the secret data that is
not readable in the ordinary method are stored in the
user inherent information storing unit 13. In this case,
assume that the PC is the authentication executing
device 2, and that the data communication between the
portable terminal 1 and the authentication executing
device 2 is performed by the infrared rays.

When a user tries to log in to the PC, he or she
enters the registered fingerprint to the fingerprint
sensor 10 of the portable terminal 1. The fingerprint's
image is entered through the sensor 10, feature for
matching is extracted by the fingerprint extracting unit
11, and it is compared with the fingerprint feature of
the user inherent information storing unit 13 by the
fingerprint checking unit 12. When they are in accord,
the both parties are agreed about a secret key in the
above-mentioned way, and the user name and log-in
password encrypted using the key are sent from the
portable terminal 1 to the PC. After decrypting the data
in the authentication message decrypting unit 23, the PC
performs the log-in operation using the user name and
log-in password, by way of example of the user-inherent
operation.

In these operations, only when the correct
fingerprint of an authorized user is entered to the
portable terminal 1, log-in will be permitted. In this
case, a user has no trouble of remembering a password
nor fear of failing to log in because of forgetting the
password. Without input of the correct fingerprint, the
secret information such as a password cannot be read out
and the log-in operation cannot be executed, thereby
preventing fraudulent log-in.

Further, the terminal is easily portable, and the
communication between the terminal 1 and the PC is
performed by the infrared rays, with no need of
connecting them by a cable and inserting the portable
terminal 1 into the PC. Further, it can realise such
log-in authentication that even if the infrared
communication is intercepted, it is impossible to read
a password because the message is encrypted, and even if
the communication content is recorded and reproduced by
the other person, it is impossible for the other person
to act like an authorised person because a secret key is
different in every time.

Although the above description has been made in
the case of log-in operation to a PC, when this PC is
used, for example, as a user terminal of a system for
performing the electronic commerce over a network, the
log-in operation can be used for personal identification
in the commerce. In this case, the secret information
stored in the portable terminal 1 corresponds to the
customer identification number of a user and the
information for identifying the user such as a personal
identification number. The secret information is sent
from the portable terminal 1 to the user terminal of the
system for performing the electronic commerce, the user
terminal sends the information for the personal
identification sent from the portable terminal 1, to an
authentication host of the electronic commerce after the
information is uniquely encrypted depending on the
necessity, and the authentication host examines the
coincidence between the same information and the
information stored therein, thereby to confirm the
personal identity.

Further, in this case, the portable terminal 1
carried by a user is preferably designed in the shape of
a card rather than a so-called information terminal,
from the viewpoint of the portability. A portable
authentication card for the communication with a user
terminal on the electronic commerce by the infrared rays
can be realized by mounting a fingerprint sensor and a
chip for calculation and data storing on a card
generally called an IC card where an integrated
circuit can be mounted.

Although the above description has been made in
the case where the infrared communication is performed
between the portable terminal 1 and the authentication
executing device 2, it is, of course, possible to use
radio waves or ultrasonic waves instead of the infrared
rays. If connecting the portable terminal 1 to the
authentication executing device 2 by a cable, or
inserting the portable terminal 1 into the
authentication executing device 2, or bringing the
portable terminal 1 into contact with the authentication
executing device 2, in some electric and magnetic means,
the basic operation is the same.

Although the above description has been made in
the case where each user carries his or her own portable
terminal, with only the data of one user stored therein,
it is also possible to realize an authentication system
in which, with a plurality of fingers and their secret
information stored in a portable terminal, if only any
registered user enters the fingerprint, only the secret
information of the user himself or herself is sent to an
authentication executing device. In this case, the
fingerprint checking unit 12 repeats N times the
operation of comparing the fingerprint feature S
obtained from the user's input fingerprint with each
fingerprint feature information F stored for N persons,
and if finding the fingerprint feature information F
having the highest score, the user corresponding to the
fingerprint feature S can be specified.

As described above, in the case of a matching
algorithm of almost showing the score 0 in the different
fingerprints and showing the high score in the same
fingerprints without fail, the operation will stop at
the time of finding the higher score than a given
threshold, without repeating the operation N times, and
the fingerprint information F corresponding to the same
score can be judged to be matched fingerprint
information. When every score proves to be lower than
the threshold even if repeating the operation N times, a
user can't be specified and a message "impossible to
specify" is to be issued.
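
The two search strategies described above, side by side, as an added example that is not code from the patent. It shows that stopping at the first score above the threshold agrees with the highest-score search only while the matcher separates different fingers well below the threshold. Assumptions: the score function is a stand-in (set overlap), not the minutia-network matcher the page cites, and the stored features, probes and names are constructed.

```python
from typing import FrozenSet, Tuple

Feature = FrozenSet[int]             # constructed stand-in for a minutiae feature
Record = Tuple[str, Feature, bytes]  # (user, stored feature F, secret information)


def score(s: Feature, f: Feature) -> float:
    """Stand-in similarity (Jaccard overlap); an assumption, not the page's matcher."""
    if not s or not f:
        return 0.0
    return len(s & f) / len(s | f)


def identify_first(s, store, threshold):
    """Early stop: return at the first F whose score exceeds the threshold."""
    for comparisons, (user, f, secret) in enumerate(store, start=1):
        if score(s, f) > threshold:
            return user, secret, comparisons
    return None  # corresponds to the "impossible to specify" message


def identify_best(s, store, threshold):
    """Compare against all N records and accept only the highest score."""
    if not store:
        return None
    user, f, secret = max(store, key=lambda rec: score(s, rec[1]))
    if score(s, f) > threshold:
        return user, secret, len(store)
    return None


# Constructed sample data: integers stand for quantised minutiae.
STORE = [
    ("user_a", frozenset(range(0, 10)), b"secret-a"),
    ("user_b", frozenset(range(6, 16)), b"secret-b"),
    ("user_c", frozenset(range(100, 110)), b"secret-c"),
]
PROBE_B = frozenset(range(7, 17))           # user_b's finger, slightly shifted
PROBE_UNKNOWN = frozenset(range(200, 210))  # not registered


def compare(threshold: float):
    """Result of both strategies for PROBE_B at the given threshold."""
    return (identify_first(PROBE_B, STORE, threshold),
            identify_best(PROBE_B, STORE, threshold))


if __name__ == "__main__":
    # Scores for PROBE_B: user_a 3/17, user_b 9/11, user_c 0.
    print(compare(0.5))    # both strategies select user_b
    print(compare(0.15))   # threshold below user_a's score: early stop picks user_a
    print(identify_first(PROBE_UNKNOWN, STORE, 0.5))
```

With the threshold at 0.5 both searches release user_b's secret and the early stop saves one comparison; at 0.15 the early stop releases user_a's secret for user_b's finger, which is why the threshold has to sit above every cross-finger score the matcher can produce.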

The above example has been taken in the case
where the authentication executing device 2 can be
directly communicated with the portable terminal 1 via
the infrared rays or the like. Besides, it is possible
to realise authentication between the remote machines,
with an intermediate terminal put between the portable
terminal 1 and the authentication executing device 2.

This second embodiment will be described with
reference to Fig. 4. This is a variation of the first
embodiment. Assume that, in the electronic commerce, a
provider of a trading service manages the authentication
executing device 2 and a shop or the like manages its
set terminal, where a user carries the portable terminal
1, for example, in the shape of IC card, for certifying
the identity of a trading member. Here, the user enters
his or her fingerprint and certifies that he or she is
the authorized user in the same way as mentioned above.
The portable terminal 1 and the authentication executing
device 2 are agreed about the secret key through the
intermediation of a message transferring unit 3 of the
set terminal, and the secret information for certifying
the authorised identity is sent to the authentication
executing device 2 by use of the secret key, thereby
realizing the desired authentication.

In this case, the portable terminal 1 is
connected to the set terminal directly, or via a cable,
or via the non-contact typed communication such as the
infrared rays, and the set terminal is connected to the
authentication executing device 2 via a telephone line
or a network for the exclusive use. The set terminal is
only to translate a message without seeing the content
thereof, as the intermediate of communication.

In this way, even if there is an intermediate
means between the portable terminal 1 and the
authentication executing device 2, they are agreed about
the secret key, exchanging a secret message. Therefore,
it is possible to realize a system capable of keeping
the security of the secret information even if the set
terminal on the way is managed by a vicious manager.

A third embodiment of the present invention will
be described with reference to Fig. 1. In the third
embodiment, assume that the content of a file is
encrypted lest the file stored in a personal computer
should be read out by the other person. Each user
carries his or her own portable terminal 1, where the
fingerprint feature data of his or her proper finger and
the secret key for use in the file encryption as the
secret data not readable in the ordinary way are stored
in the user inherent information storing unit 13.

In this case, the PC corresponds to the
authentication executing device 2, and the data
communication between the portable terminal 1 and the
authentication executing device 2 is performed via the
infrared rays. When a user tries to encrypt a file of
the PC, the user specifies the file and then enters his
or her registered fingerprint to the fingerprint sensor
10 of the portable terminal 1. When the sensor 10
receives the fingerprint's image, the fingerprint is
checked, the both parties are agreed about a secret key
for the communication, and the secret key K2, encrypted
by using it, for file encryption is sent from the
portable terminal 1 to the PC in the same method as
mentioned above.
After decrypting the data in the authentication
message decrypting unit 23, the PC uses the secret key
K2 and executes the encryption operation of the
specified file, by way of example of the user-inherent
operation. The common key encryption method such as DES
is employed for encryption. It is impossible to read out
the content of the encrypted file.

When a user tries to decrypt the file on the PC
(return the file by releasing the key), the user
specifies the encrypted file, and then enters the
registered fingerprint to the fingerprint sensor 10 of
the portable terminal 1. When the sensor 10 receives the
fingerprint's image, the fingerprint is checked in the
same way as mentioned above, the both parties are agreed
about the secret key for the communication, and the
secret key K2, encrypted by using it, for file
encryption is sent from the portable terminal 1 to the
PC. After decrypting the data in the authentication
message decrypting unit 23, the PC uses the secret key
K2 and executes the decrypting operation of the
specified encrypted file, by way of example of the user
inherent operation. Thus, the content of the file is
returned to be readable.

According to these operations, only when the
correct fingerprint of an authorized user is entered to
a specified portable terminal, the decrypting operation
is allowed, and the file is decrypted. In this case,
unless the correct fingerprint is entered to the
portable terminal of the user, the file will not be
decrypted, thereby making it possible to keep the
content of the file in secret. Further, the terminal is
small enough to be portable conveniently.

Although the present invention has been described
in the case of using the fingerprint by way of example
of biometrics, it is also possible to use the other
biometrics (features particular to the individual), with
the other biometrics such as palm pattern, face, iris,
retina pattern, palm shape, handwriting, voice print, or
the like input instead of fingerprints and with a means
of extracting the features for matching replaced with
the fingerprint sensor and the fingerprint feature
extracting unit.

Fig. 5 is a block diagram showing the case of 
realizing the portable terminal 1 by use of software. 

The portable terminal comprises an input unit 41,
storing units 42 and 43, a communication unit 44, a
storing medium 45, and a data processor 46. The input
unit 41 corresponds to the fingerprint sensor 10. The
storing unit 42 corresponds to the user inherent
information storing unit 13. The storing unit 43
corresponds to the hard disk. The communication unit 44
corresponds to the communication message sending unit 16.
The storing medium 45 is a storing medium such as FD
(Floppy Disk), CD-ROM, MO (Optical Magnetic Disk), and
the like, for storing an authentication program
including each unit, excluding the hardware portion of
the communication message sending unit 16 of the
fingerprint sensor 10 from the components of the
portable terminal 1 of Fig. 1 and Fig. 4. The data
processor (CPU) 46 reads out the authentication program
from the storing medium 45 and writes it into the
storing unit 43, thereafter executing the program.

Fig. 6 is a block diagram showing the case of
realizing the authentication executing device 2 by use
of software. The authentication executing device
comprises a communication unit 51, a storing unit 52, an
output unit 53, a storing medium 54, and a data
processor 55. The communication unit 51 corresponds to
the communication message receiving unit 21 of Fig. 1
and Fig. 4. The storing unit 52 corresponds to the hard
disk. The output unit 53 is an output device for
supplying the execution results of the user inherent
operation executing unit 24. The storing medium 54 is
the same as the storing medium 45, which stores an
authentication executing program including each unit,
excluding the hardware portion of the communication
message receiving unit 21, from the components of the
authentication executing device 2 shown in Fig. 1 and
Fig. 4. The data processor 55 reads out the
authentication executing program from the storing medium
54 and writes it into the storing unit 52, thereafter
executing the program.

As set forth hereinabove, the present invention
has the following significant effects.

a) By making use of the biometrics identification
technique, the present invention can realise an
authentication system free from a trouble of remembering
a password and also free from a risk that the other
person acts like an authorised user.

b) By keeping the biometrics data in a portable
terminal under control of a user, and executing the
operations of biometrics input, feature extraction, and
matching in the portable terminal, the present invention
makes it possible to manage the biometrics information
easily and prevent from unauthorised access. Further,
the portable terminal is decreased in size and weight,
so that it is convenient to carry.

c) By establishing the communication between the
portable terminal and the authentication executing
device by means of the infrared rays, radio waves, and
sound waves, the present invention is free from a
trouble of connecting them by a cable or inserting a
terminal into a PC.

d) Even if the infrared communication is
intercepted, it is impossible to read a password because
a message is encrypted.

e) Even if the communication content is recorded
and reproduced by the other person, it is impossible for
the other person to make use of it because a secret key
is different every time.

Although the invention has been illustrated and
described with respect to exemplary embodiments thereof,
it should be understood by those skilled in the art that
the foregoing and various other changes, omissions and
additions may be made therein and thereto, without
departing from the scope of the present invention.
Therefore, the present invention should not be
understood as limited to the specific embodiments set out
above but to include all possible embodiments which can
be embodied with the encompassed scope and equivalents
thereof with respect to the features set out in the
appended claims.

Each feature disclosed in this specification
(which term includes the claims) and/or shown in the
drawings may be incorporated in the invention
independently of other disclosed and/or illustrated
features.

The text of the abstract filed herewith is 
repeated here as part of the specification. 

An authentication method using biometrics
identification comprises the steps of: identifying a
user by biometrics entered from a portable
authentication terminal; when the user has been registered
previously, establishing communication between the
authentication terminal and an authentication executing
device independent of the authentication terminal, and
calculating a common secret key for use in transmission
of an authentication message; encrypting an
authentication message including the user's inherent information
in the authentication terminal based on the secret key;
sending the encrypted authentication message from the
authentication terminal to the authentication executing
device; and decrypting the authentication message in the
authentication execution device based on the calculated
secret key, thereby executing an operation depending on
the user-inherent information included in the message.

1. An authentication method using biometrics
identification, comprising the steps of:

identifying a user by biometrics entered from a
portable authentication terminal;

when the user has been registered previously,
establishing communication between the authentication
terminal and an authentication executing device
independent of the authentication terminal, and
calculating a secret key for use in transmission of an
authentication message;

encrypting the authentication message including
the user's inherent information based on the secret key
in the authentication terminal;

sending the encrypted authentication message from
the authentication terminal to the authentication
executing device; and,

decrypting the authentication message in the
authentication executing device based on the secret key,
thereby executing an operation depending on the
user-inherent information included in the message.



2. An authentication method using biometrics
identification as set forth in Claim 1, wherein

the communication message is transmitted in one
of non-contact typed communications, for example, via
infrared rays, radio waves, and sound waves.

3. An authentication method using biometrics
identification as set forth in Claim 1, wherein

the user inherent information included in the
authentication message includes such secret information
as cannot be read out without identification of an
authorized user from the biometrics in the
authentication terminal.

4. An authentication method using biometrics
identification as set forth in Claim 1, wherein

an operation to be executed by the authentication
executing device depending on the user-inherent
information is a non-executable operation without
identification of an authorized user from the biometrics
in the authentication terminal, and therefore a function
of authenticating that a person having registered the
biometrics previously carries and uses the
authentication terminal is provided.

5. An authentication method using biometrics
identification as set forth in Claim 1, wherein

the user inherent information included in the
authentication message includes individual information
that cannot be read out without identification of an
authorized user from the biometrics in the
authentication terminal, and using the individual
information, the authentication executing device
executes the operation depending on the information of a
user employing the authentication function.

6. An authentication method using biometrics
information as set forth in Claim 1, wherein

the operation performed by the authentication
executing device depending on the user-inherent
information includes file encryption and decryption, and
the secret key for use in this encryption and decryption
is to be stored in such a way that the secret key cannot
be read out without identification of an authorized user
from the biometrics in the authentication terminal.

7. A portable terminal for authentication using
biometrics identification, comprising:

biometrics-image input means for receiving a
user's biometrics image;

biometrics-feature extracting means for
extracting a biometrics feature for matching from the
input biometrics image;

user-inherent information storing means for
storing the biometrics feature and inherent information
of the user in pairs;

secret-key-agreeing means for deciding a key for
use in encryption of an authentication message between
the authentication executing device and the portable
terminal;

biometrics-image checking means for comparing the
biometrics image extracted from the user's input
biometrics image with the biometrics feature stored in
said user-inherent information storing means, judging
whether the user having entered the biometrics image
this time is a registered user or not, and when this
user is a registered user, supplying the inherent
information stored in pairs with the biometrics image in
said user inherent information storing means;

authentication-message encrypting means for
encrypting the user's inherent information by the
decided secret key; and,

communication-message sending means for sending a
communication message to the authentication executing
device.

8. A portable terminal as set forth in Claim 7,
wherein:

said user-inherent information storing means
stores the biometrics features and inherent information
for a plurality of users.

9. A portable terminal as set forth in Claim 7,
wherein:

said biometrics-image checking means estimates a
score indicating similarity of the biometrics images,
and judges that the user having entered the biometrics
image this time is a registered user when the score is
higher than a threshold.

10. A portable terminal as set forth in Claim 7,
wherein:

said user-inherent information storing means
stores the biometrics features and inherent information
for a plurality of users; and,

said biometrics-image checking means estimates a
score indicating similarity of the biometrics images,
and judges that the user having entered the biometrics
image this time is a registered user when the score is
higher than a threshold.

11. A portable terminal as set forth in Claim 7, 
where in t 

said secret-key-agreeing means creates any random 
number, sends the random number to the authentication 
executing device, and calculates the key by use of a 
secret formula based on the same random number. 

12. A portable terminal as set forth in Claim 7, 
wherein'. 

said user-inherent information storing means 



stores the biometrics features and inherent information 
for a plurality of users; and, 

said secret- key- agreeing means creates any random 
number , sends the random number to the authentication 
executing device, and calculates the key by use of .a 
secret formula based on the same random number • 

13. A portable terminal as set forth in Claim 7,
wherein:

said biometrics-image checking means estimates a
score indicating similarity of the biometrics images,
and judges that the user having entered the biometrics
image this time is a registered user when the score is
higher than a threshold; and,

said secret-key-agreeing means creates any random
number, sends the random number to the authentication
executing device, and calculates the key by use of a
secret formula based on the same random number.

14. A portable terminal as set forth in Claim 7,
wherein:

said secret-key-agreeing means performs mutual
authentication together with the authentication
executing device according to a predetermined protocol
and countersign prior to deciding the key.

15. A portable terminal as set forth in Claim 7,
wherein:

said user-inherent information storing means
stores the biometrics features and inherent information
for a plurality of users; and,

said secret-key-agreeing means performs mutual
authentication together with the authentication
executing device according to a predetermined protocol
and countersign prior to deciding the key.

16. A portable terminal as set forth in Claim 7, 
wherein:

said biometrics-image checking means estimates a
score indicating similarity of the biometrics images,
and judges that the user having entered the biometrics
image this time is a registered user when the score is
higher than a threshold; and,

said secret-key-agreeing means performs mutual
authentication together with the authentication 
executing device according to a predetermined protocol 
and countersign prior to deciding the key. 

17. A portable terminal as set forth in Claim 7,
wherein:

said secret-key-agreeing means creates any random
number, sends the created random number to the
authentication executing device, receives the created
random number from the authentication executing device,
and creates the key by use of both random numbers.

18. A portable terminal as set forth in Claim 7,
wherein:

said user-inherent information storing means
stores the biometrics features and inherent information
for a plurality of users; and,

said secret-key-agreeing means creates any random
number, sends the created random number to the
authentication executing device, receives the created
random number from the authentication executing device,
and creates the key by use of both random numbers.

19. A portable terminal as set forth in Claim 7,
wherein:

said biometrics-image checking means estimates a
score indicating similarity of the biometrics images,
and judges that the user having entered the biometrics
image this time is a registered user when the score is
higher than a threshold; and,

said secret-key-agreeing means creates any random
number, sends the created random number to the
authentication executing device, receives the created
random number from the authentication executing device,
and creates the key by use of both random numbers.

20. A portable terminal as set forth in Claim 7,
which:

communicates with the authentication executing 
device by one of non-contact types of communications, for 
example, via infrared rays, radio waves, and sound waves. 

21. A portable terminal as set forth in Claim 7, 
which:

communicates with the authentication executing
device through another terminal. 

22. An authentication system for performing 
authentication using biometrics identification, having: 

a portable terminal and an authentication
executing device,

said portable terminal including:

biometrics-image input means for a user's
receiving biometrics image;

biometrics-feature extracting means for
extracting biometrics feature for matching from the
input biometrics image;

user-inherent information storing means for
storing the biometrics feature and inherent information
of the user in pairs;

secret-key-agreeing means for deciding a key for
use in encryption of an authentication message between
said authentication executing device and said portable
terminal;



biometrics-image checking means for comparing the
biometrics image extracted from the user's input
biometrics image with the biometrics feature stored in
said user-inherent information storing means, judging
whether the user having entered the biometrics image
this time is a registered user or not, and when this
user is a registered user, supplying the inherent
information stored in pairs with the biometrics image in
said user-inherent information storing means;

authentication-message encrypting means for
encrypting the user's inherent information by use of the
decided secret key; and,

communication-message sending means for sending a
communication message to said authentication executing
device;

said authentication executing device including:

secret-key-agreeing means for deciding a key for
use in encryption of an authentication message between
said portable terminal and said authentication executing
device;

communication-message receiving means for
receiving a communication message sent from said
portable terminal;

authentication-message decrypting means for
decrypting the communication message by use of the
decided secret key; and,

user-inherent operation executing means for
executing the user-inherent operation based on the
inherent information decrypted from the communication 
message. 

23. An authentication system as set forth in Claim 22, 
wherein:

said biometrics-image checking means estimates a
score indicating similarity of the biometrics images,
and judges that the user having entered the biometrics
image this time is a registered user when the score is
higher than a threshold. 

24. An authentication system as set forth in Claim 22, 
wherein:

said user-inherent information storing means of 
said portable terminal stores the biometrics features 
and inherent information for a plurality of users; and, 

said biometrics-image checking means estimates a 
score indicating similarity of the biometrics images, 
and judges that the user having entered the biometrics 
image this time is a registered user when the score is 
higher than a threshold. 



25. An authentication system as set forth in Claim 22,
wherein:

said secret-key-agreeing means of said portable
terminal creates any random number, sends the random
number to said authentication executing device, and
calculates the key by use of a secret formula based on
the same random number.

26. An authentication system as set forth in Claim 22,
wherein:

said user-inherent information storing means of
said portable terminal stores the biometrics features
and inherent information for a plurality of users; and,

said secret-key-agreeing means creates any random
number, sends the random number to said authentication
executing device, and calculates the key by use of a
secret formula based on the same random number.

27. An authentication system as set forth in Claim 22,
wherein:

said biometrics-image checking means of said
portable terminal estimates a score indicating similarity
of the biometrics images, and judges that the user
having entered the biometrics image this time is a
registered user when the score is higher than a
threshold; and,

said secret-key-agreeing means creates any random
number, sends the random number to said authentication
executing device, and calculates the key by use of a
secret formula based on the same random number.

28. An authentication system as set forth in Claim 22,
wherein:

said secret-key-agreeing means of said
authentication executing device calculates the key by
use of the same secret formula as that of said portable
terminal based on the random number sent from said
portable terminal.

29. An authentication system as set forth in Claim 22,
wherein:

said secret-key-agreeing means of said
authentication executing device receives the random
number from said portable terminal, creates any random
number, and creates the key by use of both random
numbers.
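The two key-agreement variants of Claims 25, 28 and 29, as an added Python example that is not part of the patent text: the "secret formula" is assumed to be HMAC-SHA256 over a constructed shared secret, an HMAC tag stands in for the encrypted authentication message, and all names are hypothetical. It checks whether a message recorded in one session is still accepted by the device in a later one.

```python
import hashlib
import hmac
import secrets

SHARED_SECRET = b"constructed-demo-secret"  # constructed; stands in for the "secret formula"

def derive_key(secret, *nonces):
    """Assumed formula: HMAC-SHA256 over the length-prefixed random numbers."""
    data = b"".join(len(n).to_bytes(2, "big") + n for n in nonces)
    return hmac.new(secret, data, hashlib.sha256).digest()

def seal(key, payload):
    """Tag the payload under the session key (stand-in for the encrypted message)."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload

def open_sealed(key, message):
    """Return the payload if the tag verifies under this key, else None."""
    tag, payload = message[:32], message[32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

class Device:
    """Authentication executing device (hypothetical class for this example)."""
    def __init__(self, secret, two_nonce):
        self.secret, self.two_nonce, self.key = secret, two_nonce, None

    def start(self, terminal_nonce):
        """Take the terminal's random number, fix the session key, return our own."""
        device_nonce = secrets.token_bytes(16) if self.two_nonce else b""
        self.key = derive_key(self.secret, terminal_nonce, device_nonce)
        return device_nonce

    def receive(self, message):
        return open_sealed(self.key, message)

def terminal_session(device, payload):
    """Run one genuine session; return what crossed the link."""
    r_t = secrets.token_bytes(16)
    r_d = device.start(r_t)
    message = seal(derive_key(SHARED_SECRET, r_t, r_d), payload)
    assert device.receive(message) == payload
    return r_t, message

def recorded_message_still_accepted(two_nonce):
    """Present a recorded random number and message to the device a second time."""
    device = Device(SHARED_SECRET, two_nonce)
    r_t, message = terminal_session(device, b"user-inherent information (constructed)")
    device.start(r_t)
    return device.receive(message) is not None
```

With only the terminal's random number in the key, the same number always yields the same key, so the recorded message verifies again; when the device contributes its own random number, the later session's key differs and the recorded message is rejected.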

30. A computer-readable memory storing an 
authentication program for making a computer perform 
authentication using biometrics identification, 
the authentication program comprising: 
a biometrics-image input step for a user's
receiving biometrics image;

a biometrics-feature extracting step for
extracting biometrics feature for matching from the
input biometrics image;

a secret-key-agreeing step for deciding a key for
use in encryption of an authentication message between
said authentication executing device and said portable
terminal;

a biometrics-image checking step for comparing
the biometrics image extracted from the user's input
biometrics image with the biometrics feature stored in
said user-inherent information storing means for storing
in pairs the biometrics features and inherent
information of the user, judging whether the user having
entered the biometrics image this time is a registered
user or not, and when this user is a registered user,
supplying the inherent information stored in pairs with
the biometrics image in said user-inherent information
storing means;

an authentication-message encrypting step for
encrypting the user's inherent information by use of the
decided secret key; and,

a communication-message sending step for sending
a communication message to said authentication executing
device.

31. A computer-readable memory as set forth in Claim
30, wherein:

said biometrics-image checking step of said
authentication program estimates a score indicating
similarity of the biometrics images, and judges that the
user having entered the biometrics image this time is a
registered user when the score is higher than a
threshold.

32. A computer-readable memory as set forth in Claim
30, wherein:

said secret-key-agreeing step of said
authentication program creates any random number, sends 
the random number to said authentication executing 
device, and calculates the key by use of a secret 
formula based on the same random number. 

33. A computer-readable memory as set forth in Claim
30, wherein:

said biometrics-image checking step of said
authentication program estimates a score indicating
similarity of the biometrics images, and judges that the
user having entered the biometrics image this time is a
registered user when the score is higher than a
threshold; and,

said secret-key-agreeing step of said 
authentication program creates any random number, sends 
the random number to said authentication executing 
device, and calculates the key by use of a secret 
formula based on the same random number. 



34. A computer-readable memory as set forth in Claim
30, storing an authentication executing program of
said authentication executing device,

the authentication executing program making a
computer perform:

a secret-key-agreeing step for deciding a key for
use in encryption of an authentication message between
the authentication program and the authentication
executing program;

a communication-message receiving step for
receiving a communication message sent from the
authentication program;

an authentication-message decrypting step for
decrypting the communication message by use of the
decided secret key; and,

a user-inherent operation executing step for
executing the user-inherent operation based on the
inherent information decrypted from the communication
message.

35. A computer-readable memory as set forth in Claim
34, wherein:

said secret-key-agreeing step of the
authentication executing program calculates the key by
use of the same secret formula as that of said portable
terminal based on the random number sent from said
portable terminal.

36. A computer-readable memory as set forth in Claim
34, wherein:

said secret-key-agreeing step of the authentication
executing program receives the random number from
said authentication program, creates any random number,
and creates the key by use of both random numbers.

37. An authentication message substantially as herein 
described with reference to and as shown in Figures 1 to 
6 of the accompanying drawings. 

38. A portable terminal for authentication using 
biometrics identification, the terminal being
substantially as herein described with reference to and as shown
in Figures 1 to 6 of the accompanying drawings. 

39. An authentication system for performing
authentication using biometrics identification, the system being
substantially as herein described with reference to and 
as shown in Figures 1 to 6 of the accompanying drawings. 

40. A computer-readable memory storing an
authentication program for making a computer perform
authentication using biometrics identification, the
computer-readable memory being substantially as herein described
with reference to and as shown in Figures 1 to 6 of the
accompanying drawings.